Security and Data Information

• Security & privacy
• What to do in case of suspected data breach
• Release Notes
• Set up Microsoft logins
• How Do Barcodes Work?

Security & privacy

Connection security

All data sent to or from SETLS is protected by TLS 1.2 or above. This provides the same level of security as online banking, government and other sites.

Authentication & password management

SETLS uses form-based authentication where the password is sent as a POST parameter. The password is transmitted securely using TLS.

Passwords are stored in the database as a salted hash, and cannot be retrieved by the SETLS team. Passwords can be reset by any user with administrative permissions by

• sending a password reset email to the member, or
• manually entering the new password

After checking the password, SETLS creates a cryptographically-secure session cookie. This is used to identify the user when they return to SETLS using the same device, so they do not need to log in again.

A user with administrative permissions can remove a logged-in session, or reset the user's password. Both actions will require the user to enter their password the next time they access SETLS.

Email configuration

SETLS sends emails to members or toy library staff for a variety of reasons, including:

• reminders to return items or attend volunteer sessions
• notifications that a held item is available or membership fees are due

A full list of the automatic emails can be found in the demonstration system.

Emails are sent with a "from" address of noreply@<toylibrary>.setls.com.au. The "reply to" address can be set from the settings page.

Emails from SETLS are sent via Amazon Simple Email Services (SES). You do not need to provide SETLS with access to your mail server or a relay.

Sensitive information

SETLS can be used to record information about members that may be considered sensitive. This information includes:

The following additional fields can be enabled from the settings page.

Additional information related to library operations, such as membership type, are also recorded. These can be seen in the demonstration system.

Financial transactions

SETLS can be used to manually record member charges and payments, including membership fees and penalties.

SETLS also supports online payment of membership fees using PayPal. This requires creation of a PayPal account.

The SETLS team are currently investigating integration with Square for online and in-person payments.

Data validation

SETLS uses model-driven design and all input fields are:

• Type-checked against the database
• Protected from SQL injection using parameterised queries

Many scenarios for business rule checking are covered by workflow operations rather than manual data entry. For example, when loaning an item, the loan and due dates are derived automatically instead of being entered manually.

Model-driven design allows business rules to be centralised in the model rather than being distributed throughout the user interface. Examples include:

• When changing an item location, only valid destinations are available for selection
• When manually updating a loan record, the return date must be on or before the loan date

SETLS servers

The following service providers are used by SETLS:

The list of IP address ranges currently used by the Amazon is available from AWS IP address ranges - AWS General Reference (amazon.com)

The SETLS database is not currently protected by encryption at rest. This is scheduled to be resolved in 2024.

What to do in case of suspected data breach

In the case of suspected data breaches ie a committee members phone is stolen, or there is a break in and your laptop (which is left logged in) is stolen, please follow the below steps to help secure your data and email admin@setls.com.au

LOG OUT THE USER (pictured)

If you are confident in which user/s are logged in/saved on the devices, go to their account and select login history. You have the option of logging out specific sessions, or logging all sessions out. If it is your own account that has been compromised, logging all out will boot you out, so you may want to have another committee member on standby to do the next steps.

REMOVE ADMIN PRIVILEGES

Go to Profile, edit, and change Security Level to normal. This means that even if the person manages to log in, they won't be able to access anything other than that account's details.

RESET PASSWORD
Go to Username/Password, and generate a new password. This means that the password saved on the device will no longer work.

Note: I know some toy libraries also leave their emails logged in on their laptops, so there is a chance that if you email out the new password it will be received by the thief, which is why its so important to revoke those admin privileges.

Release Notes

2024-05-26

2024-05-11 release applied to all sites. Issues with ruby/rails bump, so rolled that back.

• Fixed bug that left reservable as nil on new categories
• Add reservations check to edit loan history 
• Updates to GRTL bag label
• Standardized names on locked members table, volunteer histories table, added member ID 

2024-05-11

(Dev release only)

• bump to ruby 3.2.4 and rails 7.1.3
• Add "found it" button to missing pieces on toy
• All admin users to view and edit member's current branch
• Allow new items to be created in status locations other than "in library"
• protect SeTLS Admin account from de-identification
• remove spellcheck from email forms due to depreciation

2024-04-28

• Changes to edit transaction form to prevent issues with Paypal and other validations
• Restrict options for delimiter ('-', '.', or none)
• Add Holds option - "Admins can override holds", which allows items with holds to be loaned out to other members
• Fixed issues with returning toy from one member and loan to another workflow
• Allow admin users to loan toys out from non-"in library" status locations
• Updates to Waikato Large label

2024-03-14

• Fix bug that allowed loans on the first day of a reservation
• Set legacy flag for new fee types

2024-03-10

• Render line breaks for special event descriptions
• Optimize items never loaned query
• Fix transaction type nil issue for bond histories
• Fix bug in toys never loaned report, add shelf location
• Remove unused toy_library_settings columns from schema
• fix bug in self service member look up

2024-03-04

• Add delete button to member membership history table
• Fix bug for running balance on member's transaction table

2024-02-29

• Fix bug in banking forms

2024-02-25

• Member/Transaction History page overhaul
  • New table layout
  • Select multiple functionality with pay via and delete options
  • New email - Payment Receipt
  • New element for Payment related emails - "list_of_selected_transactions". Adds a table of the selected transactions to the email
• Refactor Loan History tables
  • Change "All Loans" (only shows 100 records) to "Last 12 months of Loans", include Member ID for export
  • Remove Overdue Loans as same information included in Current Loans
• Finish adding user association to loan histories, update "last borrowed" on item display
• Fix bug in create membership type when C&C on and Holds off
• Standardize Locked membership type across all sites
• Update member picker to avoid interactions with password managers
• C&C - Allow Admin to add toys to basket even if expired or confirmed

2024-01-24

• Add legacy option for branches
• Create printable stocktake document for Upper Hutt
• Fix text error in invoices
• Update to Waikato Bag Label barcodes
  

2024-01-15

• Fix bug in email template "loan table"

2024-01-09

• Fix bug in charge_rent
• Fix bug for nil suburb
• Use includes to find Branch in the toys index list

2024-01-07

• Don't show required rosters value if member pays roster levy
• Fix bug with purchase orders in invoices
• Fix item code generation for numeric prefixes (Cataloguing Styles)
• Add list of invalid items
• Update locked members list to include member 2 details and last membership type
• Block 'move to missing' box when reporting a missing piece on an item that is on loan

2023-12-24

• Overhaul of Member page view
  • Missing Pieces box only shows amount currently missing (list removed), and will turn red if any current missing pieces
  • Volunteer History box -
    • shows only details for the "current" membership, and future nominations
    • Indicates amount remaining to do
    • Displays colour based on the current membership, not the "most recent" one (so won't be red for early renewals)
  • Various efficiency changes
• Rework Member Holds page to have multi-select actions
• Added "available_holds" element to Hold Now Available Email - when used with multi-select, will fill with table of the available holds
• Make session expiry occur at midnight
• Add legacy filters to Manual Bond Form and Single Volunteering Session create
• Improve Cataloguing Style validations
  • Items that do not obey Cataloguing style rules will no longer be considered valid (and cannot be borrowed/updated until fixed)
  • Banner added to items to indicate if invalid
• Remove delete button from Branches
• Reformat loans table email element to include pieces
• Add purchase date to all items (including deleted) list
• Improve email uniqueness check
• Various work cleaning up item associations

2023-11-28

• Allow reservations to be booked for pick up on the same day a reservation is due to be returned
• Correctly order shelf location search box in item pictures page
• Fix bug in Membership Type create when holds turned off

2023-11-16

• Prevent double dots in emails
• Add browser-side validation for children's birthdates
• Patch nil string bug for storage location index

2023-11-13

• Feature added: Item Notes
• Remove large "money saved" box, replace with menu bubble
  
  • Smaller "Did you know?" summary when member views their own page
  • Summary added to Previous Loans page
• Fixes to Mt Albert Bag Label
• Fixes to Brisbane South Bag Label

2023-10-07

• Replace I18n translation with tls.item 
• Remove resource locale (now handled by tls.item)
• Overhaul of Member Kind to Membership Type
  • Rename across site
  • Update new/edit form
  • Update show
• Overhaul of Annual Fee to Membership Fee on site (database level to come later)
• Fix bug that didn't set legacy on new transaction types
• Update item popularity reports
  •  Use date purchased, or date created in SeTLS if date purchased is not set, for "time owned" calculation
  • Include items that have never been borrowed
  • Correctly sort time based columns (time owned, time since first loan)

2023-10-02

• Only show reservable on categories if reservations are turned on
• Remove defunct paypal emails
• Extend item name length
• Fix duplicate member suggestions for online sign ups
• Add "edit return dates" to login level options
• Add billing details to SeTLS Invoice pages
• Update invoice templates

2023-09-25

• Fix 'unknown member' error when creating a reservation from member page and another member has same name
• Change actual volunteering sessions list to include today
• Add loan receipt and member expiry emails
• Item page now checks borrowing rights when loaning to member

2023-09-13

• Make membership history table scroll on narrow screens
• OSMPTL label updates
• Fix 'toy' on user homepage

2023-09-09

• Upgrade to Rails 7

2023-09-06

• Fixed bug that caused infinite loops for memberships with nil date values
• Update Primary Label to be more responsive
• Add time to loan history (only visible to admin or "view other member" levels)
• Add optimistic concurrency check (to fix bug where Edit Toy page is open while toy is returned, then gets saved and accidentally changes the location back)
• Update Sunbury Label to handle Maori macrons

2023-08-31

• Fix a bunch of bugs from 2023-08-30 release (whoops) 

2023-08-30

• Add "exclude member from nightly emails" feature - excluded members will not receive emails as generated as part of the nightly job
• Updated automatic emails index table, added "class" for nightly or action based
• Fixed bug in "members who are owed money" page and updated language
• Updated Member/Profile page to have edit button a the top as well
• Update deidentifying logic for demo sites

2023-08-25

• Fix bug in member search
• Fix bug that didn't count non-standard tasks 
• Fix Kew performance issue with locked member in error state
• Update MapBox API key 

2023-08-24

• Fix bug related to duty levies in renewal logic
• Fix bug in C&C pages
• Fix more @tls typos
• Update barcode generator to handle lower case

2023-08-23

• Member/Missing Pieces - replace list of selected items with summary when completing an action (ie "You have emailed about 6 missing pieces from 3 toys")
• Fix incorrect volunteer status for tasks on renewal date (credit is now assigned to the new membership history)
• Fix typos from @tls update

2023-08-21

• Fix item suggestions for non-admins
• Membership History page overhaul
  • New classification logic
  • Renew member function automatically calculates dates
  • Fix bug that rendered a blank screen when errors occurred in renewing
• Clean up ToyLibrarySettings.first (use @tls)

2023-08-14

• Fix bug in password resets
• Fix markermap for non-branch sites
• Updates to Brissouth Label

2023-08-13

• Add Microsoft Logins
• Update Puma to 6.x
• Reimplement "..." on item search

2023-08-06

• Remove SearchToySuggestions (and fix bug with Copy Toy)
• Fix select box autocomplete for more than 10 items
• Move privacy policy to promo site

2023-07-30

• Fix sorting bug on Picture Warnings, Text Warnings, and Member/Missing Piece History pages
• Add link to report missing pieces page to take back to the member's page to send email

2023-07-22

• Updates to Gosnells label - add barcode
• Uses Thumbnails added to Settings.
• When Thumbnails turned on, toy images will be applied the following email elements
  • list_of_all_toys
  • list_of_overdue_toys
  • list_of_toys_due_in_X_days
  • list_of_click_and_collect_toys
  • list_of_all_missing_pieces
    
• New email elements added:
  • the_toy_pic (if Thumbnails turned on)
    
  • list_of_selected_missing_pieces (Thumbnails)
  • the_toy_branch (for multiple branches)
• Missing piece table functionality and layout overhauled, ability to email about selected pieces added

2023-07-16

• Update Collingwood Bag Label to be more responsive when long pieces list
• Update Htl Bag Label to include warnings
• Roll out pages side of Thumbnails feature
  • Image on Toy Banner (aside from Edit and Show)
  • Image in toy related tables on Member's Page (Current Loans, Previous Loans, Reservations, Holds)
• [Security] Clean up password fields in forms, tables and JSON

2023-07-08

• Fix bug in Collingwood Bag Label for "nil" Descriptions
• Drop unused "returnperiod" from items
• Add uses_thumbnails migration (in preparation for Thumbnails Feature release)

2023-06-25

• Update Collingwood Bag Label
• Remove active member filter on volunteering emails
• Update Common Warnings and Common Picture Warnings to be Warnings - Text and Warning - Pictures
• Add webp handler for Prawn PDF generator

2023-06-04

• Fixed bug that prevented images from being removed
• Improve messaging in Single Volunteer Session creation page
  

2023-05-21

• Toy page overhaul
  • Reordering of fields
  • Add Colour to Category
  • Remove defunct return loan period field
  • Remove links if user not authorized
  • Fix bug that broke Pop Up Alerts if line breaks or special characters were used
  • Add "Image Last Updated" to page
  • Public and Regular Members only able to access "in circulation" toy pages
  • Edit/Add toy pages match flow of View Toy
• Prevent Holds on non-"in circulation" toys by members
• Update Copy Toy to include all fields, and use item selector
• KDFC bag label update
• Legacy Flag added to Discovery Types
• Click and Collect Summary PDF updates (add shelf location for toys in basket, and items currently on loan for "return" type bookings)
• Fix bug in HDTL box label

2023-04-24

• Improved click and collect booking form
• Fix issue preventing nightly stats calculation  

2023-04-23

• Add setting to control whether driver's licenses are recorded
• Add report for members with driver's license details
• Include reservations in active member calculation for billing
• Bag label updates
  • Little Buddies branch display
  • Mt Albert
• Fix incorrect fee type used for reservation charges

2023-04-11

• Fix error when renewing or reserving items
• Fix incorrect transaction description for renewals and reservations

2023-04-10

• Remove traces of old terminology (private comments now Alerts, public comments now Description)
• Update Alerts table to include item location, category, and if the alerts are marked as pop up
• Fix bug in Click and Collect for branches open on the same day
• Updated rent calculation to only allocate a charge if the value is non-0
• Add "test" messaging to Welcome Email tests (missed in earlier email rework)
• Add WEBP to supported image types, improved messaging for jp2 (non-supported)
• Create script for converting a site to Branch mode

2023-03-01

• Update Stats of Today charting
• Replace jxsgraph with chart.js
• Correctly handle no logo set for MonashTwo bag label
• Toy Well Seeding script template
• Revise Darebin bag label to print multiple to a page
• Fix LogoTwo error on settings page
  

2023-02-09

• Rework MonashTwo bag label
• New Tuart bag label
• Add account balance to expired members report
• Fix volunteer session display on homepage for branches

2023-01-18

• Add custom toy ID on bag label for Yarra Ranges
• Add multiple click-and-collect sessions

2023-01-07

• Fix error reporting missing pieces at library
• Don't try to email members without an email address

2023-01-05

• Fix issue with excluded dates on settings page
• Overhaul scheduled member emails

2022-12-29

• Bag labels
  • Fix GRTL layout when barcodes not enabled
  • Add colors and branch addresses to Yarra Ranges
    
• Second piece column calculation based on order instead of count
• Hide missing piece and payment reminder email buttons if member doesn't have an email recorded
• Add paging for sent automatic emails
• Fix 1toN allocation when no toys exist
• Fix incorrect links in contract expiry emails

2022-12-07

• Toy library can choose if money saved calculation is from purchase price or replacement cost
• Manning label bug fixes
• Fix bug introduced in item status display update

2022-11-27

• Expand de-identify function to completely wipe profile
  • Retrospective de-identify script to clean up old data
• Prevent locking of members with "active" data (holds, reservations, loans)
• Locked unverified members no longer show in the unverified list
• Project Colour
  • "Colors enabled" added to specific label templates
  • Colour and font colour added to Toy Categories, visible to sites that have a supported template
• New Cairns Bag Label created
• Item status display improvements
  • Fix bug that doesn't show "on loan" for reservations with no loan history
  • Only show last loan/reservation (instead of both)
  • Over all tidy up of flow
• Toy Library Settings review
  • Fix bug that prevented non-Australian sites from having Member self renew config options
  • List config errors, and highlight in the view
  • Highlight possible issues in yellow (ie emails that don't have a login)
  • Calendar Automation display improvements
• Prevent negative values for toy costs (purchase, replacement, rental)
• Correct permissions in Item Policy
• Add reference to $20 contract renewal fee to contract expiring auto-email

2022-10-01

• Add Pundit for managing page permissions
• Review Login Levels index page, configure options to match settings turned on
• Develop Manage Member Holds (Login Level option)
  • Can add holds via toy and member pages
  • Can loan holds
  • Can see hold history
  • Can see holds receipt
• Add ability to view Loan History to View Other Members (Login Level Option)
• Fixed bug that showed member balance if Normal Members Can View Transactions was turned on, even if Login Level wasn't View Member Balance = true
• Add "Signed in as <Last Name>" to Admin view
• Add "At <Branch> (Switch?)" for multiple branches
• Add "available holds" to Member page menu
• Handle nils in Storage Location (bundytoylibrary error)
• Block pasting of images into tinymce 
• Geocode settings and branches, fix heatmaps (lat long now set from address)

2022-08-11

• Fix max renewals field on toy category list
• Tell user when email is not found on password reset
• Fix calculation of number of SMS messages sent last month
• Keep current branch when editing an item
• Add time zone and item text to settings
• Update Mornington bag label to fix logo width
• Update GRTL bag label to add picture warnings and improve layout
• Replace how_to links with wiki
• Show separate hold and alert banners when returning toys

2022-07-27

• Permanent fix for scheduled mail job failing

2022-07-26

• Fix 'number of toys on loan' reports (introduced on 2022-07-04)

2022-07-25

• Hotfix scheduled mail job failing

2022-07-23

• Start preparing for Rails 6
  • zeitwerk fixes
  • fix filenames in send_data
• Reservations changes
  • Fix success message not being shown when making a reservation
  • Improve display of reservations on toy history page
  • Improve pickup/return buttons on member pages
• Fix calendar links when creating actual opening hours in branch mode
• Improve daily stats page
• Prevent item being renewed if a conflicting reservation exists
• Add SMS spend tracker
• Only send SMS invoice if messages have been sent
• Remove member 2 login when email is changed
• Don't create member suggestion if member is locked
• Add item suggestion to returns page
• Add Sunbury bag label

2022-07-05

• Block access Bulk Email feature from Sample TL
• Fix 'unknown' membership expiry bug

2022-07-04

• First release of Bulk Email feature
• Fixed self-renewal using incorrect fee type (PPTL)
• Online sign up - branch_id is now set when they are verified (to match the branch_id of the user verifying them)
• Fix invoice to display as $1 instead of 100c
• BTL Vic Bag label update

2022-06-24

• Fix asset compilation error caused by d3 upgrade in August 2021

2022-06-18

• New public sign up page released, major changes include
  • Skills Options (formerly Talents) now listed as checkboxes for ease of reading
  • Membership options listed as checkboxes to give all examples at a glance
  • Javascript verification to ensure that Member 1 First Name, Last Name, and Email are filled
  • Javascript check that Member 1 email and Member 2 email are not the same
  • Javascript to ensure Helmet Waiver signed box is ticked (if configured)
  • Overall language and flow changes

2022-06-14

• Remove edit option from Actual Volunteering Sessions
• Create job for future bulk email
• Add Branch addresses to homepage in branch mode
• Email displayed on homepage as text
• Gosnells Bag Label now handles non-1toN catalogue items
• Rename of Talents to Skills (Options), and clarification of Skills (Free Text)
• Skills (Free Text) (aka Skills Report) added to Members drop down menu
• Overhaul of drop down menus (removal of duplicate links, update terminlogy, group toy actions)

2022-06-06

• Add heuristic notification for dropped PayPal payments

2022-05-22

• Fix error after failed login when online signups are enabled
• Fix alertbox script error on member pages
• PayPal reliability improvements
  
  • Fix precision of balance calculation
  • Use separate order lines for fees and donations
  • Stabilise PayPal callback to avoid losing payments

2022-05-19

• Hide Volunteer Calendar options on member sign up, and Volunteer History, unless Volunteers is enabled
• Removal of Click and Collect references in Member view when in Appointment mode
• Bookings/Click and Collect daily summary on home page
• Improve language from Sign up to Join here for public view
• Fix loan validation bug

2022-05-14

• Show due date and days overdue in loans history on member and toy pages
• Show all branch addresses on Primary bag label
• Add appointment reminder email 

2022-05-09

• In appointment mode, allow bookings until slot start time
• Fix glitch when refreshing page after picking up, returning or cancelling reservations

2022-05-05

• Fix bag label warnings for Little Buddies and Yarra Ranges
• Hide deleted toys in warnings and picture warnings lists
• Redesign bag label for Gosnells
• Update AWS credentials & move email to Sydney region

2022-04-27

• Line breaks in Home Page Text now show on public homepage, and in toy library settings
• Update of LittleBuddies bag label
• Added rake task for bulk emailing without creating membership essentials

2022-04-17

• Added template text to C&C Emails in install:email
• Removed superseded bag labels
• Added Appointment Mode to C&C
• Tidied up Toy Library Settings layout
• Creation of YarraRanges bag label to replace Mt Evelyn

2022-04-03

• Add SMS consent to admin signup page
• Replaced "parent" with "member" on admin and online signup pages
• Handle missing toy pic and library logo on Primary bag label
• use reCAPTCHA instead of humanizer for online signups
• Added member SMS list

2022-03-30

• Changed logo descriptions in settings to "website" and "bag label" to reflect how where they're used
• Use the correct membership length when unlocking a member
• Hide legacy membership types when unlocking a member
• Clarified payment details in invoice and reminder emails
• Fixed issue preventing PayPal.Me links in invoice emails from working correctly
• Fixed reservation calendar to ignore returned loans
• Block loaning an item when a conflicting reservation exists (introduced on 2022-03-06)
• Remove empty warning space on Primary bag label
• Add SMS consent to member

2022-03-09

• Fix incorrect loan period from logged-in user instead of borrowing member

2022-03-06

• Fix picture warnings for Monash2
• Remove unused bag label designs
• Fix Primary bag label borders and logo
• Fix broken link to "blank picture" on settings page
• Remove "T/" prefix from barcodes on new bag labels
• Add database transaction when loaning toy

2022-02-26

• Amendments to Geraldton bag label
• Amendments to Monash bag label
• Amendments to Primary bag label
• Fix formatting on renewal fee pdf
• Traffic light tables replaced with Volunteering status (all, and restricted to volunteering members)
• Member email, phone number added to volunteering status lists

2022-02-16

• Fixed missing column in past opening hours table
• Added new primary bag label design
• Fix PayPal issue with more than two decimal places
• Fix error when manually creating opening hours (introduced on 2022-02-13)
• Remove delete button from unverified members

2022-02-13

• Fixed Darebin bag label size
• Fixed membership end date update when verifying new member
• Add link to contract renewal invoice PDF on invoices page
• Check excluded dates when manually creating opening hours
• Prevent deleting opening hours with associated information

2022-02-08

• Fix picture warning image quality on bag labels
• Email member when nominating a special event roster
• Add mini bag label for Geraldton
• Display item attributes in selected order instead of alphabetical
• Add contract expiry email notifications
• New invoicing rules for March 2022

2022-01-25

• Show time for sent SMS messages
• Show queue position on hold receipt
• Hide hold receipt from non-admin users
• Fix columns on item list when branches and shelf locations are both enabled
• Increase font size for Geraldton bag label
• Sort attribute picker alphabetically when editing item
• Update address for Lincoln bag label
• Fix SMS to use the country from settings

2022-01-06

• Invoice batch job should correctly update HQ
• Add credentials for new HQ API
• Add Geraldton bag lab
• Fix daily stats to use loan/return times instead of create/update times
• Changes for SMS billing

2021-12-27

• Prevent member payment reminders being incorrectly reported as sent twice
• Update Google Maps Geocoding API key
• Removed reference to two-year contract renewals
• Update Willetton bag label to remove address and use configurable text
• Add Darebin bag label

2021-11-14

• Allow members to pay renewal fees using PayPal when "charge a fee to hire most toys" is set
• Fix performance & memory usage of some stats pages
• Reinstate automatic_sms table for all sites

2021-11-05

• Fixed self-service renewals not redirecting after clicking the "renew" button

2021-08-22

Set up Microsoft logins

If your organization uses Microsoft work or school accounts, these can be used to log into SETLS. To set this up, an administrator may need to follow the steps below.

Basic setup

1. Sign into the Azure Portal
2. Switch to the appropriate tenant using the 'Cog' button in the top right
3. Open the Azure Active Directory service 
4. Click Enterprise applications in the menu on the left
5. Click SeTLS - Serious Toy Library Software
   • If SeTLS is not in the list, attempt to sign into SeTLS using your Microsoft account, then come back and refresh the page. You may need to use an account with one of the 'Application Administrator' or 'Cloud Application Administrator' roles.
6. Click Properties in the menu on the left
   • Set Enabled for users to sign-in to Yes

TIP: this link will take you directly to the list of Enterprise applications in Azure Active Directory.

Providing consent

When using Microsoft accounts, consent must be provided to the application. This can be done:

• By the organization on behalf of all users, or specified users - this is referred to as "admin consent"
• By individual users - this is referred to as "self service"

For more information, see Overview of user and admin consent - Microsoft Entra | Microsoft Learn.

Admin consent

1. Follow steps 1-5 above to open SeTLS - Serious Toy Library Software
2. Click Permissions in the menu on the left
3. Click the Grant admin consent for <organisation> button
   • Log in with your Microsoft account if necessary
4. Refresh the list to see the list of permissions
   

Self-service

1. Follow steps 1-5 above to open SeTLS - Serious Toy Library Software
2. Click Self-service in the menu on the left
3. Set Allow users to request access to this application to Yes
4. Click Select group and choose an AAD group
   • we recommend creating a dedicated group, for example "SETLS Users"
5. Set Require approval before granting access to this application to Yes if needed

Self-service is subject to global settings found on the Consent and permissions page.

How Do Barcodes Work?

How do I get barcodes on my toys?